Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Amended php_self to stop spoofing

Base PHP_SELF on SCRIPT_NAME/SCRIPT_FILENAME

check if cgi.fix_pathinfo is set
  • Loading branch information...
commit a3345dd6673406c5155dcd1a0f7db3af03635b4b 1 parent 2026e89
@gburton gburton authored haraldpdl committed
View
2  catalog/admin/includes/application_top.php
@@ -34,7 +34,7 @@
require(DIR_WS_FUNCTIONS . 'compatibility.php');
// set php_self in the local scope
- $PHP_SELF = (isset($HTTP_SERVER_VARS['PHP_SELF']) ? $HTTP_SERVER_VARS['PHP_SELF'] : $HTTP_SERVER_VARS['SCRIPT_NAME']);
+ $PHP_SELF = (((strlen(ini_get('cgi.fix_pathinfo')) > 0) && ((bool)ini_get('cgi.fix_pathinfo') == false)) || !isset($HTTP_SERVER_VARS['SCRIPT_NAME'])) ? basename($HTTP_SERVER_VARS['PHP_SELF']) : basename($HTTP_SERVER_VARS['SCRIPT_NAME']);
// Used in the "Backup Manager" to compress backups
define('LOCAL_EXE_GZIP', '/usr/bin/gzip');
View
2  catalog/includes/application_top.php
@@ -43,7 +43,7 @@
$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';
// set php_self in the local scope
- if (!isset($PHP_SELF)) $PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF'];
+ $PHP_SELF = (((strlen(ini_get('cgi.fix_pathinfo')) > 0) && ((bool)ini_get('cgi.fix_pathinfo') == false)) || !isset($HTTP_SERVER_VARS['SCRIPT_NAME'])) ? basename($HTTP_SERVER_VARS['PHP_SELF']) : basename($HTTP_SERVER_VARS['SCRIPT_NAME']);
if ($request_type == 'NONSSL') {
define('DIR_WS_CATALOG', DIR_WS_HTTP_CATALOG);
Please sign in to comment.
Something went wrong with that request. Please try again.